Security Vulnerabilities - CVEs Published In February 2024
Mattermost Jira Plugin, when handling subscriptions, fails to check the security level of an incoming issue or limit it based on the user who created the subscription, resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.
CVSS Score
3.4
EPSS Score
0.003
Published
2024-02-09
Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API, resulting in channel member counts being leaked to a user without permissions.
CVSS Score
3.1
EPSS Score
0.002
Published
2024-02-09
An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image.
CVSS Score
7.8
EPSS Score
0.004
Published
2024-02-09
An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-02-09
Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-02-09
An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-02-09
An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-02-09
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-02-09
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-09
Sourcecodester Event Student Attendance System 1.0 allows SQL Injection via the 'student' parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-02-09

